Bug 132916

Summary:

Inline caching for proxies clobbers baseGPR too early

Product:

WebKit

Reporter:

Mark Hahnenberg <mhahnenberg>

Component:

JavaScriptCore

Assignee:

Mark Hahnenberg <mhahnenberg>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, fpizlo

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

132705

Attachments:

Description	Flags
Patch	none

Mark Hahnenberg

Reported 2014-05-14 11:10:49 PDT

It clobbers it prior to the Structure checks, so if any of the checks fail then the slow path gets the target of the proxy rather than the proxy itself. We need to delay the clobbering of baseGPR until we know the inline cache is going to succeed.

Attachments
Patch (3.31 KB, patch) 2014-05-14 13:01 PDT, Mark Hahnenberg	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Hahnenberg

Comment 1 2014-05-14 13:01:25 PDT

Created attachment 231463 [details] Patch

WebKit Commit Bot

Comment 2 2014-05-14 13:49:28 PDT

Comment on attachment 231463 [details] Patch Clearing flags on attachment: 231463 Committed r168861: <http://trac.webkit.org/changeset/168861>

WebKit Commit Bot

Comment 3 2014-05-14 13:49:30 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.